Customers: Pole (consulting) Moscow; Consulting, including management and personnel
Contractors: R-Vision
Product: R-Vision SOAR (formerly R-Vision IRP)
Project date: 2021/10 - 2022/01
Number of licenses: 8000
2022: Implementation of R-Vision SOAR
Polyus has increased the efficiency of its information security management processes using R-Vision technologies, R-Vision announced on February 11, 2025.
The main task faced by Polyus was to increase the efficiency of the information security incident management process throughout the organization by automating existing regulations and incident handling processes.
There were also a number of related tasks, such as reducing incident response time, reducing the number of routine operations and optimizing the labor costs of the Information Security Department. The department's employees needed a convenient tool for forming a holistic picture of identified and resolved incidents, as well as automatic detailed reporting and visualization of statistical data.
As a result, the R-Vision SOAR product was chosen to address the full set of tasks, as it fully met all the needs of the organization.
The project affected the entire infrastructure of the organization, which comprises more than 20,000 assets of various types.
At the first stage, a pre-project survey was carried out, including the collection of information about all automation objects. Its results gave a full picture of the current state, described all existing processes for responding to information security incidents in the organization, and defined the target state.
At the next stage, R-Vision SOAR was installed, configured and connected to the Customer's systems: it was integrated with the mail server, the domain controller, the information security incident collection and correlation system, and other data sources. In addition, to enrich information security incidents with additional context, R-Vision SOAR was integrated with VirusTotal, a service for analyzing suspicious files and web links for malware, with WHOIS for monitoring and analyzing domain names, and with the customer's IP address management system. Integrating the product with all these systems made it possible to organize a single unified process that is controlled from the interface of one solution, R-Vision SOAR.
Next, based on existing regulations and information security incident management processes, 26 response scenarios (playbooks) were developed and implemented that meet all the needs of Polyus and align with global best practices. Clear SLAs for incident response and investigation processes were also defined.
The final stage of the project was comprehensive training of 16 of the Customer's specialists to work with R-Vision SOAR. The training program consisted of 1 theoretical and 6 practical blocks that cover all the functionality and capabilities of the implemented product and give users comprehensive knowledge of how to work with it, taking into account the specifics of the Customer and the implemented business processes.
The flexibility of R-Vision SOAR made it possible to move the existing information security incident management process onto an automation tool without disrupting it, and to implement 26 unique playbooks.
As a result, Polyus reduced its response time to information security incidents by a factor of 2 and freed up the resources of information security department employees by automating routine processes and tasks. In addition, employees of the information security department located in 5 regions of the Russian Federation were provided with a single space for joint work and a convenient tool for automatic presentation of statistics, analytics and management reporting.
All this increased the overall level of Polyus cybersecurity, and also ensured the transparency of the information security department.
All new regulations and processes in the Polyus information security department are now developed with the use of R-Vision SOAR in mind. More and more data sources and security tools are being connected to the platform, and their number will only increase in the future.
said Andrey Tikhonin, head of the Polyus information security department.